Certified OpenPGP-encryption after release of Thunderbird 78

Patrick Brunschwig patrick at enigmail.net
Sun May 31 10:01:34 CEST 2020


Mark wrote on 31.05.2020 01:28:
> Doesn't TB also need your secret keys to decrypt messages?  

With smartcard support via GnuPG, all secret key operations are handled
by GnuPG, and all public key operations are handled by TB (Note: the
standard case, without smartcard support, will be that all keys are in
Thunderbird).

The use-cases are clearly distinct:
- encryption: you only need public keys
- decryption: you only need secret keys
- signing: you only need secret keys
- verification: you only need public keys

> Also what if you need your public keys outside of TB such as encrypting
> a file?

That's not supported by Thunderbird. The idea of OpenPGP in Thunderbird
is that you use it for email.

> The reason I'm asking is that a while ago I posted about unknown files in
> my GNUPG directory. PAPubring.gpg and PAsecring.gpg. I eventually found
> out those are key rings used by a program I have called Power Archiver.
> I'm not sure why it has its own set of keys, still awaiting an
> explanation from support. If every app is not using the same pair of key
> rings (and there is no synchronization between them) could that not lead
> to problems?

The only "problem" might be that you have different keys on different
key rings. But this is not necessarily a problem - you use different
keys for different purposes and you can import and export the keys
between the tools if needed.

-Patrick

> On 5/30/2020 12:57 PM, Patrick Brunschwig wrote:
>> Mark wrote on 30.05.2020 20:54:
>>> So then do you have multiple pairs of key rings? One pair for TB78 and
>>> its built in PGP and another pair as part of GNUPG?
>> Not exactly. You have your secret keys with GnuPG, and your public keys
>> with Thunderbird. No synchronization required.
>>
>> -Patrick
>>> If so how do you keep them synchronized?
>>>
>>> On 5/30/2020 9:17 AM, Patrick Brunschwig wrote:
>>>> Robert J. Hansen wrote on 30.05.2020 01:07:
>>>>>> If TB 78 is going to have native support of openGPG encryption, then the
>>>>>> original person in the thread should be able to export all of the keys
>>>>>> in their key rings, and import all of those keys into TB 78, or am I
>>>>>> missing one of the gotchas with
>>>>>> TB 78 and its openGPG encryption support?
>>>>> You're missing the gotcha of "as of -Beta3, the new Thunderbird *cannot
>>>>> even import a key*."
>>>> I'm sorry, but that is simply not true. There is a known bug in the
>>>> library used by Thunderbird (RNP) that leads to crashes when importing
>>>> _certain_ keys. But I succeeded in importing all of my keys without any
>>>> problems (more than 1.000), except for 5 V3-keys. I can definitely say
>>>> that it's not just broken, and it can import keys.
>>>>
>>>>> I'm not kidding.  It is so far from complete that Kai Englert, who leads
>>>>> the TB78 OpenPGP effort, recently proposed postponing OpenPGP support in
>>>>> TB until version 78.2, or about a three-month delay.
>>>> Again, that's oversimplified. OpenPGP will not be enabled _by_ _default_
>>>> but users may still enable it manually.
>>>>
>>>>> At present, as of -Beta3, TB78's OpenPGP support is badly broken.
>>>> No, it's incomplete - work in progress. That's not quite the same.
>>>>
>>>> -Patrick

